[keycloak-user] How to configure new params and edit them with Keycloak and LDAP integration
Celso Agra
celso.agra at gmail.com
Wed Mar 8 09:29:15 EST 2017
Hi all,
I'm trying to configure KC with LDAP, but some errors are occurring.
First, I configured my LDAP to write in the LDAP server, but for some
reasons I got this error when I try to register an user:
2017-03-08 11:05:28,862 WARN [org.keycloak.services] (default task-6)
> KC-SERVICES0013: Failed authentication: org.keycloak.models.ModelException:
> Could not modify attribute for DN [uid=11111111111,dc=zz,dc=dd,dc=aa]
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
> modifyAttributes(LDAPOperationManager.java:410)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
> modifyAttributes(LDAPOperationManager.java:104)
at org.keycloak.federation.ldap.idm.store.ldap.
> LDAPIdentityStore.update(LDAPIdentityStore.java:105)
at org.keycloak.federation.ldap.mappers.msad.
> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
> MSADUserAccountControlMapper.java:235)
at org.keycloak.federation.ldap.mappers.msad.
> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
> MSADUserAccountControlMapper.java:220)
at org.keycloak.models.utils.UserModelDelegate.addRequiredAction(
> UserModelDelegate.java:112)
at org.keycloak.authentication.forms.RegistrationPassword.
> success(RegistrationPassword.java:101)
at org.keycloak.authentication.FormAuthenticationFlow.processAction(
> FormAuthenticationFlow.java:234)
at org.keycloak.authentication.DefaultAuthenticationFlow.
> processAction(DefaultAuthenticationFlow.java:76)
at org.keycloak.authentication.AuthenticationProcessor.
> authenticationAction(AuthenticationProcessor.java:759)
at org.keycloak.services.resources.LoginActionsService.processFlow(
> LoginActionsService.java:356)
at org.keycloak.services.resources.LoginActionsService.
> processRegistration(LoginActionsService.java:477)
at org.keycloak.services.resources.LoginActionsService.
> processRegister(LoginActionsService.java:535)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
> MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
> ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
> ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.
> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:395)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.
> ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(
> ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.
> doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(
> ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(
> FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
> handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.
> handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.
> SecurityContextAssociationHandler.handleRequest(
> SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.
> SSLInformationAssociationHandler.handleRequest(
> SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.
> ServletAuthenticationCallHandler.handleRequest(
> ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler
> .handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.
> ServletConfidentialityConstraintHandler.handleRequest(
> ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandle
> r.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.
> CachedAuthenticatedSessionHandler.handleRequest(
> CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.
> handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssocia
> tionHandler.handleRequest(AbstractSecurityContextAssocia
> tionHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.
> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.
> handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.
> dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$
> 000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.
> handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.
> java:202)
at io.undertow.server.HttpServerExchange$1.run(
> HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.directory.InvalidAttributeIdentifierException:
> [LDAP: error code 17 - pwdLastSet: attribute type undefined]; remaining
> name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(
> ComponentDirContext.java:277)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
> modifyAttributes(PartialCompositeDirContext.java:192)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
> modifyAttributes(PartialCompositeDirContext.java:181)
at javax.naming.directory.InitialDirContext.modifyAttributes(
> InitialDirContext.java:167)
at javax.naming.directory.InitialDirContext.modifyAttributes(
> InitialDirContext.java:167)
at org.keycloak.federation.ldap.idm.store.ldap.
> LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
at org.keycloak.federation.ldap.idm.store.ldap.
> LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
at org.keycloak.federation.ldap.idm.store.ldap.
> LDAPOperationManager.execute(LDAPOperationManager.java:535)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
> modifyAttributes(LDAPOperationManager.java:402)
... 59 more
2017-03-08 11:05:28,865 WARN [org.keycloak.events] (default task-6)
> type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal, userId=null,
> ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
> auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:
> 8080/teste-portal/
and then, I got this result in my ldap:
dn: uid=11111111111,dc=zz,dc=dd,dc=aa
givenName:: IA==
uid: 11111111111
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: phpgwAccount
objectClass: shadowAccount
sn:: IA==
cn:: IA==
structuralObjectClass: inetOrgPerson
entryUUID: 07f0e7caxxxxxxxxxxx
creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
createTimestamp: 20170308140529Z
entryCSN: 20170308140529.527857Z#000000#000#000000
modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
modifyTimestamp: 20170308140529Z
So, I wrote the uid as 11111111111, but I didn't set the sn, cn and
givenName as 'IA=='. It looks like some problem occurs in my configuration.
please, need help!!
Best Regards,
--
---
*Celso Agra*
More information about the keycloak-user
mailing list